Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

09/05/2024 0 Comments 0 tags

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

08/05/2024 0 Comments 0 tags

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

08/05/2024 0 Comments 0 tags

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. “These enhancements aim to increase the malware’s stealthiness, thereby

The Fundamentals of Cloud Security Stress Testing

08/05/2024 0 Comments 0 tags

״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to

New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data

08/05/2024 0 Comments 0 tags

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a

A SaaS Security Challenge: Getting Permissions All in One Place 

08/05/2024 0 Comments 0 tags

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

07/05/2024 0 Comments 0 tags

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

07/05/2024 0 Comments 0 tags

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia,

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

07/05/2024 0 Comments 0 tags

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition,

New Case Study: The Malicious Comment

07/05/2024 0 Comments 0 tags

How safe is your comments section? Discover how a seemingly innocent ‘thank you’ comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read